iptables

Karamba & Superkaramba

Description:

Shows some statistics from iptables logs. Shows top attackers and ports with their names.
Last changelog:

15 years ago

0.2 - First version

statman

14 years ago

Hi everyone,
I'd like to use this to monitor my system, on which I'm using Shorewall as my firewall.

I've tried it and it doesn't work. What do I need to change to get this to work?

FWIW I'm running Debian SID, and I know I'm not having a permissions problem because I tried it as root.

Thanks,
- Statman

tjsa

14 years ago

I am not familiar with Shorewall, but if it is iptables-based and has logging on, it should work. Are you getting lines containing text like
"IN=eth0 OUT= MAC=00:02:03:04:0f:8a:10:40:63:c6:b5:06:08:00 SRC=112.54.217.36 DST=10.451.61.12 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=15022 DF PROTO=TCP SPT=4654 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0"
to your /var/log/syslog file?

Those lines are used by this theme!


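The log lines tjsa quotes above carry the fields the theme's description mentions. As an added example (not the theme's own gethosts/getports scripts and not part of the thread), this shell/awk counts the top SRC addresses and destination ports from such lines. The sample log is constructed; the Shorewall-style prefix and the `getent services` lookup for port names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines (documentation-range addresses), not real traffic.
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 fw kernel: IN=eth0 OUT= MAC=00:02:03:04:0f:8a SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4654 DPT=135 SYN URGP=0
Mar  1 10:00:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4655 DPT=445 SYN URGP=0
Mar  1 10:00:07 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.21 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=135 SYN URGP=0
Mar  1 10:00:08 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=78 PROTO=UDP SPT=137 DPT=137
Mar  1 10:00:09 fw sshd[912]: Invalid user IN=eth0 OUT= SRC=192.0.2.99 DPT=22 from 203.0.113.21
Mar  1 10:00:10 fw kernel: eth0: link up
EOF
}

# top_field KEY [N]: stdin is syslog text; prints "count value" for the N most
# frequent KEY= values. Only lines whose syslog tag is "kernel:" and that carry
# the netfilter "IN=... OUT=" pair are counted, so lines from other daemons
# that merely contain SRC=/DPT= text do not skew the statistics.
top_field() {
    awk -v key="$1=" '
        $5 == "kernel:" && /IN=[^ ]* OUT=/ {
            for (i = 6; i <= NF; i++)
                if (index($i, key) == 1 && length($i) > length(key))
                    n[substr($i, length(key) + 1)]++
        }
        END { for (v in n) printf "%d %s\n", n[v], v }
    ' | sort -k1,1nr -k2,2 | head -n "${2:-5}"
}

# top_ports [N]: prints "count port/proto name" for the N most-hit DPT values.
# The name comes from the local services database (assumption: getent exists).
top_ports() {
    awk '
        $5 == "kernel:" && /IN=[^ ]* OUT=/ {
            proto = port = ""
            for (i = 6; i <= NF; i++) {
                if (index($i, "PROTO=") == 1) proto = tolower(substr($i, 7))
                if (index($i, "DPT=") == 1)   port = substr($i, 5)
            }
            if (proto != "" && port ~ /^[0-9]+$/) n[port "/" proto]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-5}" |
    while read -r count svc; do
        name=$(getent services "$svc" 2>/dev/null | awk '{print $1; exit}')
        printf '%s %s %s\n' "$count" "$svc" "${name:-unknown}"
    done
}

sample_log | top_field SRC
sample_log | top_ports
```

To run it against a real log, replace `sample_log` with `cat /var/log/syslog` (or `/var/log/messages` on systems that log there).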
statman

14 years ago

I got it working, but I had to hard code in the path for some reason. (ie: to make it run as root I had to change every ./ to /root/iptables/)

No big deal and it's working fine without any other modifications!

Fantastic monitor - thank you very much for writing this!

asmirnov

14 years ago

Certainly a very nice theme to add to my desktop but ... can't get it running under SuSE 9.0 Pro (and I would really really like to :-)). Let me say upfront that I am an average lame user with no knowledge of coding whatsoever. This is what I came up with: SuSE doesn't have /var/log/syslog or /var/log/syslog.0 - instead it has /var/log/messages and all older messages are archived as .gz files. I decided to change all references from "syslog" to "messages" in all three get***** files. Didn't seem to help very much ... getports and gethosts just stop (looks like they hung up) and when ps -ax'ed they show as [S]topped. Getlastcount gives me an error:
------------
./getlastcount: command substitution: line 2: syntax error near unexpected token `|'
./getlastcount: command substitution: line 2: `| awk '{printf "% 6d\n",$1}''
0 Tue
------------
Is there anyone who has had more luck than me in running iptables on SuSE and can offer a helping hand? I am running 2.4.21-231 kernel and KDE 3.1.4. Thanks a lot.

tjsa

14 years ago

If you don't have a /var/log/syslog file, you might try to create it as a link to the /var/log/messages file. It is easier than changing the scripts (which do have the log file names "hard coded", sorry!). Try this as root and use the original scripts:


ln -s /var/log/messages /var/log/syslog

A missing /var/log/syslog.0 shouldn't be any problem.

asmirnov

14 years ago

Thanks a lot for the tip. I don't know why it didn't occur to me :-). However, I still can't get iptables to work - all I get is a blank background. I have no idea where the problem is, I made sure I have all the permissions to the file as a user, even the linked file contains all the messages from which I guess the iptables information is extracted and put into karamba.

S4mp

15 years ago

Is it possible to view the iptable logs from another computer in this theme ?
Since the PC that routes the stuff ain't my workstation ...

tjsa

15 years ago

You might add an ftp or scp transfer to the gethost script in order to get the remote host's /var/log/syslog files to the workstation. The files from the remote host should be written to a temporary file, and then the gethost and other scripts should be changed to use them instead of the local /var/log/syslog files.

Ekardnam

15 years ago

It doesn't work for me? Sorry, I'm a total newbie, but how does this work? I look at /var/log/syslog and /var/log/syslog.0, and the last one didn't exist. Then I ran ./gethosts and I get "You don't have permissions blah blah..." Should I change the permissions?

And a very n00b question: this displays who are "attacking" your computer, right? If I have a server, it displays the ones who are looking at my homepage? Or...?
=(

tjsa

15 years ago

You probably don't have the rights to read the /var/log/syslog file; check the rights (try: ls -l /var/log/syslog; you should probably be a member of the group shown by the command above).

It doesn't matter if the file /var/log/syslog.0 doesn't exist, you get only a warning about missing file.

The iptables log shows only if somebody is accessing a port closed by iptables, uses a false combination of flags, etc. If the www port is open, then this app doesn't show info about users accessing your web server.

Frank

15 years ago

This is a great app. :-)

Thank you

yglodt

15 years ago

Congratulations, this is very useful!

Details
version 0.2
updated May 16 2004
added May 16 2004